On PHPMaster.com there's a new tutorial about working with cookies in PHP applications - an introductory look at what they are, how to set them and how to read their values.

Have you ever wondered that in spite of HTTP being a stateless protocol, when you log in to a website and buy stuff and checkout how the server can identify you uniquely? You might wonder if HTTP is stateless but your state is maintained through your interactions, isn’t this a contradiction? Welcome to world of cookies (not the ones which we can eat, btw :)), one the of primary ways to maintain user state and interaction between the web browser and the web server.

She shares a lifecycle of a common cookie and describes the parts of the setcookie method (parameters). There's also a few code examples showing how to read and write to them as well as update their values/expirations.

Brian Moon has posted a tip (and a bit of code) he's worked up to help make a users cookies last a bit longer than they were originally designed to:

When you start a session, if the user had no cookie, they get a new session id and they get a cookie. You can configure that cookie to last for n seconds via php.ini or session_cookie_set_params(). But, and this is a HUGE but for me, that cookie will expire in n seconds no matter what.

His method provides a way to extend the life of the cookies currently set for the domain by changing the time to live through a series of ini_get calls wrapped in a setcookie() call.

On PHP-Learn-It.com today, there's a new tutorial looking to get you, the budding PHP developer, into working with cookies in PHP.

A cookie is often used to store data which can be used to identify a user, for example, person's username. [...] In this tutorial, we will learn how to write, read and delete cookies in PHP.

They show how to create the cookie (with set_cookie) - both one that will timeout when the browser closes and one that stays after - how to read the value from them and how to remove them by setting the data in the past.

On PHP-Learn-It.com today, there's a new tutorial looking to get you, the budding PHP developer, into working with cookies in PHP.

A cookie is often used to store data which can be used to identify a user, for example, person's username. [...] In this tutorial, we will learn how to write, read and delete cookies in PHP.

They show how to create the cookie (with set_cookie) - both one that will timeout when the browser closes and one that stays after - how to read the value from them and how to remove them by setting the data in the past.

Ilia Alshanetsky has posted today about a new patch that's been applied to the PHP 5.2 source (in CVS) to include support for the "httpOnly" cookie flag in its cookie handling.

Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, another words inaccessible to browser based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible to steal a user's cookie based session by injecting JavaScript into a page and then using to read cookies.

Definitely a most excellent development! He includes some code examples to show how it will be used, as a seventh parameter to the setcookie/setrawcookie functions (TRUE/FALSE). You can also use an ini_set to make the session cookie behave the same way.

Oh, and PHP4 and 5.1 users can do the same thing of thing, just not as elegantly, with a header call to Set-Cookie manually.

Ilia Alshanetsky has posted today about a new patch that's been applied to the PHP 5.2 source (in CVS) to include support for the "httpOnly" cookie flag in its cookie handling.

Thanks to a patch from Scott MacVicar that I've just applied to CVS, PHP 5.2 will have support for httpOnly cookie flag. This neat little feature allows you to mark a newly created cookie as HTTP only, another words inaccessible to browser based scripting languages such as JavaScript. This means it would become far more difficult, if not impossible to steal a user's cookie based session by injecting JavaScript into a page and then using to read cookies.

Definitely a most excellent development! He includes some code examples to show how it will be used, as a seventh parameter to the setcookie/setrawcookie functions (TRUE/FALSE). You can also use an ini_set to make the session cookie behave the same way.

Oh, and PHP4 and 5.1 users can do the same thing of thing, just not as elegantly, with a header call to Set-Cookie manually.